terraform-provider-vault
Auto Renew for Revoked Certificates (vault_pki_secret_backend_cert)
Versions
- Vault Provider 2.18.0
Affected Resource(s)
Please list the resources as a list, for example:
- vault_pki_secret_backend_cert
Terraform Configuration Files
resource "vault_pki_secret_backend_cert" "client_certificate" {
  backend               = "pki"
  name                  = "my-client-cert"
  common_name           = "my-cn"
  private_key_format    = "pkcs8"
  ttl                   = (30 * 24 * 60 * 60) # 30 days
  min_seconds_remaining = (5 * 24 * 60 * 60)  # renew once fewer than 5 days remain
  auto_renew            = true
}
Expected Behavior
When the certificate has been revoked on the Vault side, the "auto_renew" feature should attempt to generate a new client certificate to ensure validity wherever it is referenced or used. Otherwise there is no way to renew the certificate with Terraform, because the provider still considers it valid (based only on the expiration date and the current state).
Actual Behavior
Certificate revocation is not recognized by Terraform. The revoked certificate is still used by dependent resources.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
- terraform apply - generate client certificate
- Manually revoke the certificate within Vault
- terraform plan - note that no changes are detected/planned
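To make the expected check concrete, here is an added example (not provider code) of a renewal decision that tests the certificate serial against the issuing CA's CRL in addition to the existing min_seconds_remaining expiry rule; the function signature, the throwaway CA fixture and the serial values are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// needsRenewal reports whether a cert should be reissued: either the existing expiry
// rule fires (fewer than min_seconds_remaining left) or its serial is on the CRL.
func needsRenewal(crlDER []byte, serial *big.Int, notAfter time.Time, minSecondsRemaining int64, now time.Time) (bool, error) {
	if notAfter.Sub(now) < time.Duration(minSecondsRemaining)*time.Second {
		return true, nil
	}
	crl, err := x509.ParseRevocationList(crlDER) // DER CRL as served by the pki mount
	if err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil // revoked: this is the case the provider currently misses
		}
	}
	return false, nil
}

// buildSampleCRL is a constructed fixture: a throwaway CA signs a CRL that lists
// one serial, standing in for Vault's real CRL so the example runs offline.
func buildSampleCRL(revoked *big.Int) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	issuer := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &key.PublicKey, key))))
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked, RevocationTime: now}}}
	return must(x509.CreateRevocationList(rand.Reader, crl, issuer, key))
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
```

With the issue's values (ttl of 30 days, min_seconds_remaining of 5 days), a freshly issued but revoked certificate returns true from needsRenewal, whereas the expiry rule alone would return false.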